Keeping Corrupted Tech Out Of The Global Supply Chain
SAN FRANCISCO–(BUSINESS WIRE)–The Open Group today announces the launch of the Open Trusted Technology Providertrade Standard (O-TTPS) Accreditation Program, one of the first accreditation programs aimed at assuring the integrity of commercial off-the-shelf (COTS) information and communication technology (ICT) products worldwide and safeguarding the global supply chain against the increasing sophistication of Cybersecurity attacks.
Intended to assure integrity in technology development and to prevent maliciously tainted and counterfeit products from entering the supply chain, the accreditation program will ensure applicants conform to the O-TTPS standard.
Companies seeking O-TTPS Accreditation – which could be component suppliers, technology providers or integrators – can choose to be accredited for conforming to the O-TTPS standard and adhering to the best practice requirements across the entire enterprise, within a specific product line or business unit or within one or more individual products.
Organizations applying to become O-TTPS accredited are then required to provide evidence of conformance to each of the O-TTPS requirements, demonstrating they have the processes in place to secure their in-house development and their supply chains across the entire COTS ICT product lifecycle, including the design, sourcing, build, fulfilment, distribution, sustainment, and disposal phases.
O-TTPS accredited organizations will then be able to identify themselves as Open Trusted Technology Providerstrade and will become part of a public registry of trusted providers who help ensure they “Build with Integrity” so their customers can “Buy with Confidence”.
The Open Group is also announcing the O-TTPS Recognized Assessor Program, which assures that Recognized Assessor (companies) meet certain criteria as a third party assessor organization and that their assessors (individuals) meet an additional set of criteria and have passed the O-TTPS Assessor exam, before they can be assigned to an O-TTPS Assessment. The Open Group will operate this program, grant O-TTPS Recognized Assessor certificates and list those qualifying organizations on a public registry.
Organizations can download the O-TTPS v1.0 and the O-TTPS Accreditation Policy from the Trusted Technology Section in The Open Group Bookstore.
To learn more about becoming an accredited Open Trusted Technology Providertrade or an O-TTPS Recognized third-party assessor visit: http://www.opengroup.org/accreditation/o-ttps.
Quotes
Edna Conway, Chief Security Officer, Global Supply Chain, Cisco Systems and Vice-Chair of The Open Group Trusted Technology Forum, said: “The robust and cross-industry method through which the O-TTPS Accreditation Policy was developed has delivered a transparent, credible process with integrity.”
Andras Szakal, Vice President, Chief Technology Officer, IBM U.S. Federal IMT: said: “Secure by Design is a key tenant of the IBM secure engineering process. The Open Trusted Technology Providertrade Standard and Accreditation Program will help guide and recognize trusted technology vendors like IBM that value Secure by Design best practices. IBM is a proud founding member of the OTTF and has successfully piloted the accreditation program. In January 2014, IBM obtained O-TTPS accreditation for the Application Infrastructure and Middleware (AIM) Software Business Division, which includes the flagship WebSphere product line.”
Sally Long, Director, The Open Group Trusted Technology Forum, said: “Being able to identify accredited organizations not only benefits commercial customers and governments, it also benefits COTS ICT providers, who can identify and choose to work with accredited component suppliers – thus enabling a holistic approach that is essential to raising the bar for all constituents in the supply chain.”
Notes to editors
Tainted and counterfeit products pose significant risk to organizations because altered or non-genuine products introduce the possibility of untracked malicious behavior or poor performance. Both product risks can damage customers and suppliers resulting in failed or inferior products, revenue and brand equity loss, disclosure of intellectual property, and damage to critical infrastructure. The increase in sophistication of cyber-attacks has forced technology suppliers and governments to take a more comprehensive approach to risk management as it applies to product integrity and supply chain security. Customers are now seeking assurances that their providers are following standards to mitigate the risks of tainted and counterfeit components, while providers of COTS ICT are focusing on protecting the integrity of their products and services as they move through the global supply chain.
Resources
For more information on The Open Group Trusted Technology Forum click here.
To view a video featuring OTTF Vice-Chair and Cisco’s Chief Security Officer, Global Supply Chain, Edna Conway discussing the work of the OTTF, please click here.
About The Open Group Trusted Technology Forum (OTTF)
The Open Group Trusted Technology Forum (OTTF) leads the development of a global supply chain security program in order to provide buyers of IT products with a choice of accredited technology partners (component suppliers, providers and integrators). The Open Trusted Technology Providertrade Standard (O-TTPS) identifies best practices for technology integrity and supply chain security. The O-TTPS Accreditation Program assures conformance to the standard, distinguishing Open Trusted Technology Providerstrade, and fostering a secure and sustainable global supply chain.
The OTTF provides a vendor-neutral environment where security, supply chain, and acquisition professionals can lead the development of industry best practices and accreditation programs, utilize The Open Group’s broad reach to build global recognition for them, and network with a world-class community of experts and peers to grow professionally. We welcome the participation of all who want to influence the direction of the OTTF.
About The Open Group
The Open Group is an international vendor- and technology-neutral consortium upon which organizations rely to lead the development of IT standards and certifications, and to provide them with access to key industry peers, suppliers and best practices. The Open Group provides guidance and an open environment in order to ensure interoperability and vendor neutrality. Further information on The Open Group can be found at http://opengroup.org.
Article source: http://www.darkreading.com/management/keeping-corrupted-tech-out-of-the-global/240165980